
PC opens internet browser on startup and redirects to a site called Game Harbor


  • This topic is locked
25 replies to this topic

#1 FunkyFloris


  • Members
  • 17 posts
  • OFFLINE
  • Local time:03:52 AM

Posted 11 September 2014 - 02:58 AM

Upon startup my PC opens my internet browser (Google Chrome) and redirects it to a site called GameHarbor. 
I have tried many solutions, such as the FRST fix with the fixlist (which I found on other posts), but it still doesn't work. Can someone help me? 

PS: Any help would be greatly appreciated!
 
Here are the FRST files:
 
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\AMD\amdacpusrsvc.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Windows\System32\PnkBstrA.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\Files32\Spamfilter\LittleHook.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-09-2014
Ran by Floris at 2014-09-11 10:29:02
Running from C:\Users\Floris\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: BullGuard Antivirus (Enabled - Up to date) {C3CCAC61-52F7-A056-1860-6406566E2578}
AS: BullGuard Antispyware (Enabled - Up to date) {78AD4D85-74CD-AFD8-22D0-5F742DE96FC5}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: BullGuard Firewall (Enabled) {FBF72D44-1898-A10E-333F-CD33A8BD6203}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.33254 - BitTorrent Inc.)
ACP Application (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Adobe Flash Player 15 Plugin (HKLM-x32\...\{6CBBF19C-2B69-4143-81C4-D5B56D32088C}) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version:  - Hidden Path Entertainment, Ensemble Studios)
Age of Mythology: Extended Edition (HKLM-x32\...\Steam App 266840) (Version:  - SkyBox Labs)
AMD Accelerated Video Transcoding (Version: 13.30.100.40417 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2014.0704.2133.36938 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{6119B3A6-3603-9695-0398-CDF2AF0A13F8}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Fuel (Version: 2014.0704.2133.36938 - Advanced Micro Devices, Inc.) Hidden
Amnesia: The Dark Descent (HKLM-x32\...\Steam App 57300) (Version:  - Frictional Games)
Assassins Creed IV Black Flag (HKLM-x32\...\QXNzYXNzaW5zQ3JlZWRJVkJsYWNrRmxhZw==_is1) (Version: 1 - )
Batman™: Arkham Origins (HKLM-x32\...\Steam App 209000) (Version:  - WB Games Montreal)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.3.2.3825 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.5.1 - EA Digital Illusions CE AB)
BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version:  - Irrational Games)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
BullGuard Internet Security (HKLM\...\BullGuard) (Version: 14.1 - BullGuard Ltd.)
Call of Duty 4: Modern Warfare (HKLM-x32\...\Steam App 7940) (Version:  - Infinity Ward)
Call of Duty: Modern Warfare 2 - Multiplayer (HKLM-x32\...\Steam App 10190) (Version:  - Infinity Ward)
Call of Duty: Modern Warfare 2 (HKLM-x32\...\Steam App 10180) (Version:  - Infinity Ward)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
Catalyst Control Center Graphics Previews Common (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2014.0423.449.6734 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2014.0704.2133.36938 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2014.0704.2133.36938 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2014.0704.2132.36938 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2014.0704.2132.36938 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2014.0704.2132.36938 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2014.0704.2132.36938 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2014.0704.2132.36938 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2014.0704.2132.36938 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2014.0704.2132.36938 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2014.0704.2132.36938 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2014.0704.2132.36938 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2014.0704.2132.36938 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2014.0704.2132.36938 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2014.0704.2132.36938 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2014.0704.2132.36938 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2014.0704.2132.36938 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2014.0704.2132.36938 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2014.0704.2132.36938 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2014.0704.2132.36938 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2014.0704.2132.36938 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2014.0704.2132.36938 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2014.0704.2132.36938 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2014.0704.2132.36938 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2014.0704.2132.36938 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2014.0704.2133.36938 - Advanced Micro Devices, Inc.) Hidden
Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version:  - Torn Banner Studios)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Dead Island (HKLM-x32\...\Steam App 91310) (Version:  - Techland)
Dead Island: Epidemic (HKLM-x32\...\Steam App 222900) (Version:  - Stunlock Studios)
DOOM II: Hell on Earth (HKLM-x32\...\Steam App 2300) (Version:  - id Software)
Duke Nukem 3D: Megaton Edition (HKLM-x32\...\Steam App 225140) (Version:  - 3D Realms)
Duke Nukem Forever (HKLM-x32\...\Steam App 57900) (Version:  - Gearbox Software)
Dungeon Defenders (HKLM-x32\...\Steam App 65800) (Version:  - Trendy Entertainment)
Far Cry® 3 (HKLM-x32\...\Steam App 220240) (Version:  - Ubisoft Montreal, Massive Entertainment, and Ubisoft Shanghai)
Final DOOM (HKLM-x32\...\Steam App 2290) (Version:  - id Software)
Game Dev Tycoon (HKLM-x32\...\Steam App 239820) (Version:  - Greenheart Games)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Hammerwatch (HKLM-x32\...\Steam App 239070) (Version:  - )
Hitman: Absolution (HKLM-x32\...\Steam App 203140) (Version:  - IO Interactive)
Hotline Miami (HKLM-x32\...\Steam App 219150) (Version:  - Dennaton Games)
Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version:  - Avalanche)
Just Cause 2: Multiplayer Mod (HKLM-x32\...\Steam App 259080) (Version:  - JC2-MP Team)
Killing Floor (HKLM-x32\...\Steam App 1250) (Version:  - Tripwire Interactive)
L.A. Noire (HKLM-x32\...\Steam App 110800) (Version:  - Team Bondi)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
LEGO - The Hobbit (HKLM-x32\...\TEVHT1RoZUhvYmJpdA==_is1) (Version: 1 - )
LEGO Lord of the Rings (HKLM-x32\...\Steam App 214510) (Version:  - Traveller's Tales)
Malwarebytes Anti-Malware versie 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Master Levels for DOOM II (HKLM-x32\...\Steam App 9160) (Version:  - id Software)
Metro 2033 (HKLM-x32\...\Steam App 43110) (Version:  - 4A Games)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Retro City Rampage™ (HKLM-x32\...\Steam App 204630) (Version:  - Vblank Entertainment, Inc.)
Rust (HKLM-x32\...\Steam App 252490) (Version:  - Facepunch Studios)
Saints Row IV (HKLM-x32\...\Steam App 206420) (Version:  - Deep Silver Volition)
Shadow Warrior (HKLM-x32\...\Steam App 233130) (Version:  - Flying Wild Hog)
Shadow Warrior Classic Redux (HKLM-x32\...\Steam App 225160) (Version:  - 3D Realms)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Sniper Elite 3 (HKLM-x32\...\U25pcGVyRWxpdGUz_is1) (Version: 1 - )
Sniper Elite: Nazi Zombie Army (HKLM-x32\...\Steam App 227100) (Version:  - Rebellion)
Sniper Elite: Nazi Zombie Army 2 (HKLM-x32\...\Steam App 247910) (Version:  - )
Spelunky (HKLM-x32\...\Steam App 239350) (Version:  - )
Spotify (HKCU\...\Spotify) (Version: 0.9.12.10.g89b2a4fc - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Surgeon Simulator 2013 (HKLM-x32\...\Steam App 233720) (Version:  - Bossa Studios)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Stanley Parable (HKLM-x32\...\Steam App 221910) (Version:  - Galactic Cafe)
The Typing of The Dead: Overkill (HKLM-x32\...\Steam App 246580) (Version:  - Modern Dream)
The Ultimate DOOM (HKLM-x32\...\Steam App 2280) (Version:  - id Software)
The Walking Dead (HKLM-x32\...\Steam App 207610) (Version:  - )
Thief (HKLM-x32\...\Steam App 239160) (Version:  - Eidos-Montréal)
Tomb Raider (HKLM-x32\...\Steam App 203160) (Version:  - Crystal Dynamics)
Unreal Tournament 3: Black Edition (HKLM-x32\...\Steam App 13210) (Version:  - Epic Games, Inc.)
Uplay (HKLM-x32\...\Uplay) (Version: 4.0 - Ubisoft)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Wolfenstein 3D (HKLM-x32\...\Steam App 2270) (Version:  - id Software)
Wolfenstein 3D: Spear of Destiny (HKLM-x32\...\Steam App 9000) (Version:  - id Software)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
06-09-2014 11:15:34 DirectX has been installed.
10-09-2014 10:02:53 DirectX has been installed.
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {1A498924-823B-4FAB-9678-70CAB8A8551C} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {1A82E912-4015-4586-9B16-118818ABE8A5} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2298C799-E0D8-487E-953E-36FAD49D4598} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {3455DA9D-AF79-4AA8-A5FE-DE6CE600738E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-20] (Google Inc.)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {3EF97681-1466-49A6-83DB-06076CED01DD} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {59DE38FC-15A7-4385-9038-96A0A10D3C61} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8A945B5D-9D59-45E0-9CEC-4F8A5D06BBF8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-20] (Google Inc.)
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {AFE0BF20-5FBB-4901-92FB-04E0C4971075} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D2A1AD5C-C535-49BD-82B3-198A5020EFD6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-11] (Adobe Systems Incorporated)
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {FC834F84-3613-45AD-B176-A6CA58A283A2} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-09-11] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-09-04 15:10 - 2014-09-04 15:10 - 00613200 _____ () c:\program files\bullguard ltd\bullguard\SQLite.dll
2014-09-04 15:10 - 2014-09-04 15:10 - 00084304 _____ () c:\program files\bullguard ltd\bullguard\zlib1.dll
2014-09-04 15:10 - 2014-09-04 15:10 - 00653136 _____ () c:\program files\bullguard ltd\bullguard\LibXml2.dll
2014-04-17 21:55 - 2014-04-17 21:55 - 00082432 _____ () C:\AMD\amdacpusrsvc.exe
2014-09-04 15:10 - 2014-09-04 15:10 - 00653136 _____ () C:\Program Files\BullGuard Ltd\BullGuard\LibXml2.dll
2013-10-11 13:40 - 2013-10-11 13:40 - 00024912 _____ () C:\Program Files\BullGuard Ltd\BullGuard\res\nl\BullGuardBhvScannerRes.dll
2014-09-04 15:10 - 2014-09-04 15:10 - 00064848 _____ () C:\Program Files\BullGuard Ltd\BullGuard\LIBBZ2.dll
2014-09-04 15:10 - 2014-09-04 15:10 - 00084304 _____ () C:\Program Files\BullGuard Ltd\BullGuard\zlib1.dll
2014-09-10 17:14 - 2014-09-10 17:14 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2014-07-20 19:29 - 2014-07-20 19:29 - 00029512 _____ () C:\Program Files\BullGuard Ltd\BullGuard\res\nl\BackupShellNamespaceRes.dll
2014-09-04 15:10 - 2014-09-04 15:10 - 00613200 _____ () C:\Program Files\BullGuard Ltd\BullGuard\SQLite.dll
2014-08-23 21:11 - 2014-08-23 21:11 - 00278856 _____ () C:\Program Files\BullGuard Ltd\BullGuard\res\nl\BpBackupRes.dll
2014-08-23 21:11 - 2014-07-31 12:45 - 00013640 _____ () C:\Program Files\BullGuard Ltd\BullGuard\res\nl\BpInspectorRes.dll
2014-08-23 21:11 - 2014-07-31 12:45 - 00035656 _____ () C:\Program Files\BullGuard Ltd\BullGuard\res\nl\BpMainRes.dll
2014-09-11 10:16 - 2014-09-04 05:01 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\libglesv2.dll
2014-09-11 10:16 - 2014-09-04 05:01 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\libegl.dll
2014-09-11 10:16 - 2014-09-04 05:01 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\pdf.dll
2014-09-11 10:16 - 2014-09-04 05:01 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll
2014-09-11 10:16 - 2014-09-04 05:01 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ffmpegsumo.dll
2014-09-11 10:16 - 2014-09-04 05:01 - 14891848 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Floris\SkyDrive:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsUpdate => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
HKCU\...\StartupApproved\Run: => "Spotify"
HKCU\...\StartupApproved\Run: => "Spotify Web Helper"
HKCU\...\StartupApproved\Run: => "Raptr"
HKCU\...\StartupApproved\Run: => "EADM"
 
==================== Faulty Device Manager Devices =============
 
Name: SM Bus Controller
Description: SM Bus Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Ethernet Controller
Description: Ethernet Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/11/2014 09:50:50 AM) (Source: amdacpusrsvc) (EventID: 0) (User: )
Description: amdacpusrsvcacpusrsvc: IOCTL_ACPKSD_KSD_TO_USR_SVC_SET_FB_APERTURES: FAILED
 
Error: (09/11/2014 09:50:50 AM) (Source: amdacpusrsvc) (EventID: 0) (User: )
Description: amdacpusrsvcacpusrsvc: GfxMemServiceInitialize: FAILED
 
Error: (09/11/2014 09:44:58 AM) (Source: amdacpusrsvc) (EventID: 0) (User: )
Description: amdacpusrsvcacpusrsvc: IOCTL_ACPKSD_KSD_TO_USR_SVC_SET_FB_APERTURES: FAILED
 
Error: (09/11/2014 09:44:58 AM) (Source: amdacpusrsvc) (EventID: 0) (User: )
Description: amdacpusrsvcacpusrsvc: GfxMemServiceInitialize: FAILED
 
Error: (09/11/2014 09:17:01 AM) (Source: amdacpusrsvc) (EventID: 0) (User: )
Description: amdacpusrsvcacpusrsvc: IOCTL_ACPKSD_KSD_TO_USR_SVC_SET_FB_APERTURES: FAILED
 
Error: (09/11/2014 09:17:01 AM) (Source: amdacpusrsvc) (EventID: 0) (User: )
Description: amdacpusrsvcacpusrsvc: GfxMemServiceInitialize: FAILED
 
Error: (09/11/2014 08:21:34 AM) (Source: amdacpusrsvc) (EventID: 0) (User: )
Description: amdacpusrsvc[EVENT]: SERVICE_CONTROL_POWEREVENT: RESUME: FAILED.
 
Error: (09/11/2014 08:21:34 AM) (Source: amdacpusrsvc) (EventID: 0) (User: )
Description: amdacpusrsvcacpusrsvc: GraphicsMemory API Wrapper: Dummy Packet Submission FAILED
 
Error: (09/10/2014 10:47:58 PM) (Source: amdacpusrsvc) (EventID: 0) (User: )
Description: amdacpusrsvc[EVENT]: SERVICE_CONTROL_POWEREVENT: RESUME: IOCTL_USR_SVC_TO_ACPKSD_POWER_STATE_NOTIFICATION: FAILED
 
Error: (09/10/2014 04:00:23 PM) (Source: amdacpusrsvc) (EventID: 0) (User: )
Description: amdacpusrsvc[EVENT]: SERVICE_CONTROL_POWEREVENT: RESUME: FAILED.
 
 
System errors:
=============
Error: (09/08/2014 10:00:13 PM) (Source: DCOM) (EventID: 10010) (User: GAMEPC-FLORIS)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 
Error: (09/08/2014 09:53:52 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service stopped with the following error code: 
%%1.
 
Error: (09/04/2014 09:15:21 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0xa0000001 (0x0000000000000005, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000)C:\Windows\MEMORY.DMP090414-20312-01
 
Error: (09/04/2014 09:15:13 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 20:45:09 on 4-9-2014 was unexpected.
 
Error: (09/04/2014 04:05:14 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0xa0000001 (0x0000000000000005, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000)C:\Windows\MEMORY.DMP090414-24234-01
 
Error: (09/04/2014 04:05:08 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: De vorige afsluiting van het systeem om 15:52:25 op ‎4-‎9-‎2014 is onverwacht gebeurd.
 
Error: (09/02/2014 06:26:30 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0xa0000001 (0x0000000000000005, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000)C:\Windows\MEMORY.DMP090214-34625-01
 
Error: (09/02/2014 06:26:17 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: De vorige afsluiting van het systeem om 17:55:30 op ‎2-‎9-‎2014 is onverwacht gebeurd.
 
Error: (08/30/2014 07:38:17 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Time-out (30000 seconden) tijdens het wachten op een reactie op een transactie van deze service: BsMain.
 
Error: (08/30/2014 07:37:47 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Time-out (30000 seconden) tijdens het wachten op een reactie op een transactie van deze service: BsMain.
 
 
Microsoft Office Sessions:
=========================
Error: (09/11/2014 09:50:50 AM) (Source: amdacpusrsvc) (EventID: 0) (User: )
Description: amdacpusrsvcacpusrsvc: IOCTL_ACPKSD_KSD_TO_USR_SVC_SET_FB_APERTURES: FAILED
 
Error: (09/11/2014 09:50:50 AM) (Source: amdacpusrsvc) (EventID: 0) (User: )
Description: amdacpusrsvcacpusrsvc: GfxMemServiceInitialize: FAILED
 
Error: (09/11/2014 09:44:58 AM) (Source: amdacpusrsvc) (EventID: 0) (User: )
Description: amdacpusrsvcacpusrsvc: IOCTL_ACPKSD_KSD_TO_USR_SVC_SET_FB_APERTURES: FAILED
 
Error: (09/11/2014 09:44:58 AM) (Source: amdacpusrsvc) (EventID: 0) (User: )
Description: amdacpusrsvcacpusrsvc: GfxMemServiceInitialize: FAILED
 
Error: (09/11/2014 09:17:01 AM) (Source: amdacpusrsvc) (EventID: 0) (User: )
Description: amdacpusrsvcacpusrsvc: IOCTL_ACPKSD_KSD_TO_USR_SVC_SET_FB_APERTURES: FAILED
 
Error: (09/11/2014 09:17:01 AM) (Source: amdacpusrsvc) (EventID: 0) (User: )
Description: amdacpusrsvcacpusrsvc: GfxMemServiceInitialize: FAILED
 
Error: (09/11/2014 08:21:34 AM) (Source: amdacpusrsvc) (EventID: 0) (User: )
Description: amdacpusrsvc[EVENT]: SERVICE_CONTROL_POWEREVENT: RESUME: FAILED.
 
Error: (09/11/2014 08:21:34 AM) (Source: amdacpusrsvc) (EventID: 0) (User: )
Description: amdacpusrsvcacpusrsvc: GraphicsMemory API Wrapper: Dummy Packet Submission FAILED
 
Error: (09/10/2014 10:47:58 PM) (Source: amdacpusrsvc) (EventID: 0) (User: )
Description: amdacpusrsvc[EVENT]: SERVICE_CONTROL_POWEREVENT: RESUME: IOCTL_USR_SVC_TO_ACPKSD_POWER_STATE_NOTIFICATION: FAILED
 
Error: (09/10/2014 04:00:23 PM) (Source: amdacpusrsvc) (EventID: 0) (User: )
Description: amdacpusrsvc[EVENT]: SERVICE_CONTROL_POWEREVENT: RESUME: FAILED.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4770 CPU @ 3.40GHz
Percentage of memory in use: 31%
Total physical RAM: 8135.99 MB
Available physical RAM: 5612.42 MB
Total Pagefile: 16327.99 MB
Available Pagefile: 13412.7 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.17 GB) (Free:485.78 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 762E22F0)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.2 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
I know I have to get a personalized fixlist for it to work, and any help would be really appreciated!

Mod Edit:  Merged posts, moved topic from Win 8 to Malware Removal Logs - Hamluis.

Edited by hamluis, 11 September 2014 - 06:20 AM.




#2 Rootk

Rootk

  • Malware Response Team
  • 234 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Easter Island, Chile.
  • Local time:10:52 PM

Posted 11 September 2014 - 10:06 AM

Hi, FunkyFloris. I'm checking your log now and will reply with instructions soon.

#3 FunkyFloris

FunkyFloris
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:03:52 AM

Posted 11 September 2014 - 10:28 AM

Okay, thanks! 
I can temporarily stop the browser opening at startup by going to Task Manager and then the Startup tab. When I disable the CMD console on startup it doesn't happen, but this adware still concerns me and I would like to have it removed from my PC once and for all!



#4 Rootk

Rootk

  • Malware Response Team
  • 234 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Easter Island, Chile.
  • Local time:10:52 PM

Posted 11 September 2014 - 12:01 PM

Please follow these steps:

1.- Download AdwCleaner by Xplode onto your Desktop.
  • Double click on Adwcleaner.exe to run the tool.
  • Click on Scan
  • Once the scan is done, click on the Clean button.
  • You will get a prompt asking to close all programs. Click OK.
  • Click OK again to reboot your computer.
  • A text file will open after the restart. Please post the content of that logfile in your reply.
  • You can also find the logfile at C:\AdwCleaner[Sn].txt ('n' represents the number of the most recent report).
2.- Download Junkware Removal Tool to your desktop.
  • Shutdown your antivirus to avoid any conflicts.
  • Run the tool by double-clicking it.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt in your next message.
3.- Please download RogueKiller and Save to the desktop.
  • Close all windows and browsers
  • Double click on RogueKillerX64.exe to run the tool.
  • Press the scan button.
  • A report opens on the desktop named - RKreport.txt
  • Please post it in your next reply.


#5 FunkyFloris

FunkyFloris
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:03:52 AM

Posted 11 September 2014 - 03:08 PM

I used AdwCleaner, here is the text file!

 

# AdwCleaner v3.309 - Rapport aangemaakt 11/09/2014 op 22:06:07
# Laatste Update 02/09/2014 door Xplode
# Besturingssysteem : Windows 8.1  (64 bits)
# Gebruikersnaam : Floris - GAMEPC-FLORIS
# Gestart vanuit : C:\Users\Floris\Desktop\AdwCleaner.exe
# Optie : Verwijderen
 
***** [ Services ] *****
 
 
***** [ Bestanden / Mappen ] *****
 
 
***** [ Taken ] *****
 
 
***** [ Snelkoppelingen ] *****
 
 
***** [ Register ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17278
 
 
-\\ Mozilla Firefox v
 
[ Bestand : C:\Users\Floris\AppData\Roaming\Mozilla\Firefox\Profiles\n1aedcdy.default\prefs.js ]
 
 
-\\ Google Chrome v37.0.2062.120
 
[ Bestand : C:\Users\Floris\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R1].txt - [934 octets] - [11/09/2014 22:05:15]
AdwCleaner[S1].txt - [859 octets] - [11/09/2014 22:06:07]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [918 octets] ##########


#6 FunkyFloris

FunkyFloris
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:03:52 AM

Posted 12 September 2014 - 08:02 AM

Is this post above good, can you solve the problem?



#7 Rootk

Rootk

  • Malware Response Team
  • 234 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Easter Island, Chile.
  • Local time:10:52 PM

Posted 12 September 2014 - 03:21 PM

I still need the logs from Junkware Removal Tool and RogueKiller.

#8 FunkyFloris

FunkyFloris
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:03:52 AM

Posted 12 September 2014 - 04:58 PM

Junkware Removal Tool
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8.1 x64
Ran by Floris on vr 12-09-2014 at 23:54:49,06
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-2766924026-263419973-1297910686-1001\Software\Microsoft\Internet Explorer\Main\\Start Page
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on vr 12-09-2014 at 23:57:31,20
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#9 FunkyFloris

FunkyFloris
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:03:52 AM

Posted 12 September 2014 - 05:08 PM

And here's the last one. I'm really grateful that you're helping me!
 
RogueKiller
 
RogueKiller V9.2.10.0 (x64) [Jul 11 2014] by Adlice Software
 
besturingssysteem : Windows 8.1 (6.3.9200 ) 64 bits version
Gestart vanuit : Normale modus
Gebruiker : Floris [Administrator rechten]
Modus : Scan -- Datum : 09/13/2014  00:06:42
 
¤¤¤ Kwaadaardige processen : 0 ¤¤¤
 
¤¤¤ Register verwijzingen : 8 ¤¤¤
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-2766924026-263419973-1297910686-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> gevonden
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-2766924026-263419973-1297910686-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> gevonden
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-2766924026-263419973-1297910686-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> gevonden
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-2766924026-263419973-1297910686-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> gevonden
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> gevonden
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> gevonden
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> gevonden
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> gevonden
 
¤¤¤ geplande taken : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ HOSTS Bestand : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Geladen) ¤¤¤
 
¤¤¤ webbrowsers : 0 ¤¤¤
 
¤¤¤ MBR Controle : ¤¤¤
+++++ PhysicalDrive0: ST1000DM003-1CH162 +++++
--- User ---
[MBR] 5974195e221f308c4f24d14d2e07b134
[BSP] 82c0f25d93b9ffcef78c07de7bb7ae80 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 350 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 718848 | Size: 953518 MB
User = LL1 ... OK
User = LL2 ... OK


#10 Rootk

Rootk

  • Malware Response Team
  • 234 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Easter Island, Chile.
  • Local time:10:52 PM

Posted 13 September 2014 - 10:55 AM

Please follow these steps:

1.- Run Malwarebytes Anti-Malware and do the following:
  • Click on Scan now.
  • If an update is available, click Update Now.
  • A Threat Scan will start.
  • After the scan, if potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • A window with an option to view the detailed log will appear. Click on View Detailed Log.
  • After viewing the results, please click on the Copy to Clipboard button > OK.
  • Paste your log into your next reply.

Note: If you lose the Clipboard copy and need to retrieve the log again, it can be found by opening Malwarebytes and clicking on History > Application Logs with the date of the scan. Simply double-click on that in order to see the options for Copying to Clipboard or to Export to a .txt file (Notepad), etc. The .txt file can be saved and posted when you are ready.

 

2.- Download Malwarebytes Anti-Rootkit from this link http://www.malwarebytes.org/products/mbar/

  • Unzip the File to a convenient location. (Recommend the Desktop)
  • You may receive a User Account Control prompt asking if you are sure you wish to allow the program to run. Please allow the program to run and MBAR will now start to install any necessary drivers that are required for the program to operate correctly. If a rootkit is interfering with the installation of the drivers you will see a message that states that the DDA driver was not installed and that you should reboot your computer to install it. You will see this image:

    mbarwm.png
  • If you receive this message, please click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer. Once the computer is rebooted and you login, MBAR will automatically start and you will now be at the start screen. (If no Rootkit warning you will go from step 4 to 6.)
  • The following image opens, select Next.

    Image2.png
  • The following image opens, select Update

    Image3.png
  • When the Update completes, select Next

    Image4.png
  • In the following window ensure "Targets" are ticked. Then select "Scan"

    Image5.png
  • If an infection/s is found the "Cleanup Button" to remove threats will be available. A list of infected files will be listed like the following example:

    MBAntiRKclean.png
  • Do not select the "Clean up Button" select the "Exit" button, there will be a warning as follows:

    MBAntiRKclean1.png
  • Select "Yes" to close down the program. If NO infections were found you will see the following image:

    Image6.png
  • Select "Exit" to close down.
  • Copy and paste the two following logs from the mbar folder:

    System - log
    Mbar - log (date and time of scan will also be shown)

    Post those two logs in your reply.

Edited by Rootk, 13 September 2014 - 10:57 AM.


#11 FunkyFloris

FunkyFloris
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:03:52 AM

Posted 13 September 2014 - 11:47 AM

Malwarebytes Anti-Malware:
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 13-9-2014
Scan Time: 18:40:17
Logfile: 
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.09.13.03
Rootkit Database: v2014.09.12.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Floris
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 304125
Time Elapsed: 3 min, 59 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#12 FunkyFloris

FunkyFloris
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:03:52 AM

Posted 13 September 2014 - 12:01 PM

mbar-log:
 
Malwarebytes Anti-Rootkit BETA 0.00.0.0000
 
 
 v2014.09.13.03
 
Windows 8.1 x64 NTFS
 11.0.9600.17278
Floris :: GAMEPC-FLORIS 
 
13-9-2014 18:52:17
mbar-log-2014-09-13 (18-52-17).txt
 
 
 
 
 304789
 4 , 14 
 
 0
 
 
 0
 
 
 0
 
 
 0
 
 
 0
 
 
 0
 
 
 0
 
 
 0
 
system log:
 
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 762E22F0
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 716800
    Partition file system is NTFS
    Partition is bootable
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 718848  Numsec = 1952804864
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 1000204886016 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1953505168-1953525168)...
Done!
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
 

Edited by FunkyFloris, 13 September 2014 - 12:05 PM.


#13 FunkyFloris

FunkyFloris
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:03:52 AM

Posted 13 September 2014 - 12:05 PM

That's those 2 as well, hope you can find the problem!



#14 Rootk

Rootk

  • Malware Response Team
  • 234 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Easter Island, Chile.
  • Local time:10:52 PM

Posted 14 September 2014 - 06:01 PM

Please follow these steps:

1.- Download TFC.exe - Temp File Cleaner by OldTimer:
Alternate link: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Save it to your Desktop.
  • Close any open windows, save your work.
  • Double click the TFC icon to run the program. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process,
  • Allow TFC to run uninterrupted,
  • The program should not take long to finish its job.
  • Once it's finished, click OK to reboot
2.- Go to the ESET web page and run an online scanner from ESET. (You will need to use Internet Explorer for this scan).
  • Turn off the real time scanner of any existing antivirus program while performing the online scan.
  • Click on the Run ESET Online Scanner button.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start.
  • When asked, allow the ActiveX control to install.
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options below are ticked.
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Start.
  • Wait for the scan to finish.
  • Use Notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt and copy and paste the results here in this topic.

#15 FunkyFloris

FunkyFloris
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:03:52 AM

Posted 16 September 2014 - 10:45 AM

Well, I ran both scans, but I can't seem to find the log file for the ESET scan; the only log file I found was really short and probably not it.

 

Log file I found:

 

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK

